And Now for Another Data Breach

This news comes almost a month exactly after Heartland Payment Systems (HPY) went public with news of its data breach sometime in 2008. And, hey, you can see lessons learned already in the wake of the Heartland breach. At the time, people like me commended Heartland executives for stepping forward and volunteering this information. Then the market went out and gutted Heartland's stock value. Shares today trade for about one-fourth what they did just five months ago, and on Feb. 17, Heartland's value sunk to a 52-week low of $7.60 per share -- down almost $2 since the breach news broke.

It's one thing to hear that hundreds of banks and credit unions have been affected. But when you see each institution's name in every state of the union?

So, what's the lesson learned? Well, the latest victim hasn't stepped forward, and details of the breach - and the processor's identity - have been closely guarded the past few weeks. Clearly, people have seen the price of full disclosure, so they're opting instead for stealth.

But we can confirm news of this second breach today. And although we can't yet offer full details - how many institutions, cards, consumers affected - we can do the same thing we did after the Heartland breach: Provide a venue to share news and insights.

If you've followed our Heartland coverage, then you know we've worked hard to keep you current on the latest news, opinions on what's happened and should happen next, the number of banks, credit unions and consumers impacted by the breach. We even have an interactive map wherein you can click on any given state and see exactly which banking institutions have reported Heartland connections.

What you might not know is that a lot of our information came from you. Starting about two weeks ago, seeing no public information about the scope and scale of the Heartland breach, we invited institutions to tell us if they'd been affected. At the time, we knew of maybe 50 institutions. Today, thanks to people like you writing to us and sharing your stories, we're aware of more than 500 institutions impacted by Heartland. And even they may only be the proverbial iceberg tip.

Some people have asked us "Why are you collecting this information? How will you use it?"

The simple answer is: To inform. We just want to keep you current on the broad impact of the breach and to provide visible evidence that these are real institutions and real people who've been disrupted by a real crime. It's one thing to hear that hundreds of banks and credit unions have been affected. But when you see each institution's name in every state of the union? Then it really hits home.

So, if you or your institution has been struck by the Heartland breach and you've not let us know, do so now. Likewise, if you're feeling the impact of this second breach, let us know about that, too.

We can't prevent the crimes or undo the damage done, but by collecting and sharing this information ... well, perhaps together we can lead to action and defenses that will prevent further Heartlands down the road.

About the Author

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.